attack
Click on the red underlined text to get to the source
... header. Benign packets have this bit set to 0; those that
are used for an attack will have the bit set to 1.
...
...
There are a number of ways in which the evil bit may be set. Attack
applications may use a suitable API to request that it be set.
...
... Systems that do not have other mechanisms MUST provide such an API;
attack programs MUST use it.
Multi-level ...
... Multi-level insecure operating systems may have special levels for
attack programs; the evil bit MUST be set by default on packets
emanating from programs running at such levels. However, the system
...
... MAY provide an API to allow it to be cleared for non-malicious
activity by users who normally engage in attack behavior.
Fragments ...
... back on in the reassembled packet.
Intermediate systems are sometimes used to launder attack
connections. Packets to such systems that are intended to be relayed
...
...
Some applications hand-craft their own packets. If these packets are
part of an attack, the application MUST set the evil bit by itself.
...
... networks protected by firewalls, it is axiomatic that all
attackers are on the outside of the firewall. Therefore, hosts
...